b'                      SPECTO\n                 IN            R\n             F                     G\n         O                             E\n     E\n\n\n\n\n                                       N\n     C\n\n\n\n\n                                           E\nFI\n\n\n\n\n                                           RA\nOF\n\n\n\n\n                                               L\n                                                   OFFICE OF INSPECTOR GENERAL\n                                                        EXPORT-IMPORT BANK\n                                                         of the UNITED STATES\n\n\n\n\n                    Audit of\n             Export-Import Bank\xe2\x80\x99s\n         Short-Term Insurance Program\n\n\n                                                              September 28, 2012\n                                                                   OIG-AR-12-05\n\x0c\xc2\xa0\n\n\n\n\n    To:        Jeffrey Abramson\n               Vice President, Trade Finance\n\n               Walter Kosciow\n               Vice President, Trade Credit Insurance\n\n    From:      Rebecca Sharek\n               Assistant Inspector General for Audits\n\n    Subject:   Audit of Export-Import Bank\xe2\x80\x99s Short-Term Insurance Program\n\n    Date:      September 28, 2012\n\n\n    This memorandum transmits Audit Report OIG-AR-12-05, \xe2\x80\x9cAudit of Export-Import\n    Bank\xe2\x80\x99s Short-Term Insurance Program\xe2\x80\x9d. Cotton & Company LLP, under a contract\n    issued by the Office of Inspector General, performed the audit. The objective of the\n    audit was to determine whether the Export-Import Bank\xe2\x80\x99s Short-Term Insurance\n    Program had effective policies and procedures to manage credit risks and losses as\n    well as to identify and respond to fraud risk during fiscal years 2010 and 2011.\n\n    The audit found that (1) Short-Term Insurance Program procedures were not\n    adequately documented or consistently followed; (2) duties were not always\n    segregated appropriately; and (3) system calculations were not always accurate.\n    The auditors made 10 recommendations for corrective action. Management\n    concurred with 6 of the 10 recommendations. For Recommendations A1, A2, B1, B2,\n    D3, and E, management\xe2\x80\x99s proposed actions are responsive to the intent of the\n    recommendations. The recommendations are resolved and will be closed upon\n    completion and verification of the proposed actions. Management partially\n    concurred or nonconcurred with the remaining four recommendations. For\n    Recommendations C1, C2, D1, and D2, management\xe2\x80\x99s comments and/or proposed\n    actions are unresponsive and do not adequately address the concerns that\n    prompted the recommendations. We reaffirm the basis for both the findings and\n    recommendations and have referred the matter to the Export-Import Bank Audit\n    Follow-Up Official for resolution.\n\n    We appreciate the courtesies and cooperation extended to the auditors during the\n    audit. If you have questions, please contact me at (202) 565-3169 or\n    rebecca.sharek@exim.gov.\n\n\n\n\n                      811 Vermont Avenue, NW Washington, D.C. 20571\n\x0ccc:   Fred Hochberg, Chairman and President\n      Alice Albright, Executive Vice President and Chief Operating Officer\n      Audit Committee\n      David Sena, Senior Vice President and Chief Financial Officer\n      Patricia Wolf, Supervisory Accountant\n      John McAdams, Senior Vice President, Export Finance\n      Charles Tansey, Senior Vice President, Small Business\n      Arnold Chow, Director, Short-Term Business\n      Jean Fitzgibbon, Director, Trade Credit Insurance\n      Richard Brackley, Managing Director, Claims and Recoveries\n\n\n\n\n                 811 Vermont Avenue, N.W. Washington, D.C. 20571\n\x0cSeptember 28, 2012\n\n\nRebecca Sharek\nAssistant Inspector General for Audit\nExport-Import Bank\n811 Vermont Avenue, N.W.\nWashington, D.C. 20571\n\nSubject:      Audit of Export-Import Bank\xe2\x80\x99s Short-Term Insurance Program\n\nDear Ms. Sharek:\n\nWe are pleased to submit this report in support of audit services provided to the Export-Import\nBank of the United States (Ex-Im)\xe2\x80\x99s Office of the Inspector General. Cotton & Company LLP\nconducted an independent audit of Ex-Im\xe2\x80\x99s short-term insurance program to determine if it had\neffective policies and procedures to manage credit risk and losses, as well as to identify and\nrespond to fraud risk during FYs 2010 and 2011. Cotton & Company performed the work from\nMarch through August 2012.\n\nWe conducted this performance audit in accordance with generally accepted government\nauditing standards, as amended, promulgated by the Comptroller General of the United States.\nThose standards require that we plan and perform the audit to obtain sufficient, appropriate\nevidence that provides a reasonable basis for our findings and conclusions based on our audit\nobjectives. We believe that the evidence we obtained provides a reasonable basis for our\nfindings and conclusions based on our audit objectives.\n\nPlease feel free to contact me with any questions.\n\nSincerely,\n\nCOTTON & COMPANY LLP\n\n\n\nMatthew Johnson, CPA, CISA, CGFM\nPartner\n\n\n\n                                               i\n\x0cSHORT-TERM INSURANCE                                            INDEPENDENT AUDIT REPORT\n\n\n\n                                      CONTENTS\n\nSection                                                                           Page\nI.   Executive Summary                                                               1\nII. Background                                                                       3\nIII. Objectives                                                                      5\nIV. Audit Results                                                                    5\n     A Inadequate Written Policies and Procedures                                    5\n     B Inconsistent Character, Reputation, and Transaction Integrity Due             8\n        Diligence\n     C Inconsistent Adherence to Procedures                                          10\n     D Lack of Segregation of Duties                                                 12\n     E Inaccurate Calculation of Exporter Score                                      15\nV.   Scope and Methodology                                                           16\nAppendixes\nI.   Acronyms\nII. Short-Term Insurance Program Products\nIII. Management Response\n\n\n\n\n                                           ii\n\x0cI.       EXECUTIVE SUMMARY\n\nThe Export-Import Bank of the United States (Ex-Im Bank) offers export-credit insurance to\nassist United States (U.S.) exporters in selling their goods overseas by protecting them\nagainst the risk of foreign-buyer or other foreign-debtor default for political or commercial\nreasons. This allows U.S. exporters to extend competitive credit terms to their international\ncustomers with reduced risk. The short-term insurance program policies are issued for one\nyear. They cover commercial and political risks; insure open-account or letter-of-credit sales\nfor a large variety of consumer goods, non-durables, spare parts, and bulk agriculture\nproducts; and apply to shipments to one or multiple buyers. Ex-Im Bank has two divisions\nthat conduct the short-term insurance program: the Trade Finance Division (TFD) and the\nTrade Credit Insurance Division (TCID).\n\nShort-term insurance authorizations have significantly increased in recent years due to the\nworldwide financial crisis. Between fiscal years (FYs) 2007 and 2011, authorizations\nincreased over 106 percent, from $3.3 billion in FY 2007 to $6.8 billion in FY 2011. The\nvolume of short-term insurance claims has also increased. Specifically, claims rose 42\npercent, from 200 claims in FY 2010 to 284 claims in FY 2011. The claims increase during FY\n2011 was isolated to TCID\xe2\x80\x99s portfolio and was a result of several frauds that involved\nmultiple exporters. These frauds represented approximately 100 claims.\n\nCotton & Company LLP, under a contract issued by the Office of Inspector General, completed\nan independent audit of the Ex-Im Bank short-term insurance program. We performed the\naudit to determine if the program had effective policies and procedures to manage credit risk\nand losses as well as to identify and respond to fraud risk during FYs 2010 and 2011.\n\nOur audit found that although procedures exist, these procedures are not adequately\ndocumented or consistently followed; duties were not always segregated appropriately; and\nsystem calculations were not always accurate. Specifically, we identified the following areas\nfor improvement:\n\n     \xe2\x80\xa2   Inadequate Written Policies and Procedures. The strength of existing credit risk\n         management procedures is a direct result of the long tenure and institutional\n         knowledge of short-term insurance program employees. However, the short-term\n         insurance program has not adequately documented its policies and procedures in the\n         form of official policies and directives. Existing documentation was not\n         comprehensive or complete, and in some instances was outdated. Furthermore,\n         program documentation did not identify all risks, including fraud risk factors, and had\n         not consistently identified procedures to address identified risks. (Finding A)\n\n     \xe2\x80\xa2   Inconsistent Character, Reputation, and Transaction Integrity (CRTI) Due\n         Diligence. The purpose of CRTI due diligence is to identify potential risks related to\n         the trustworthiness of transaction participants, the possibility of negative publicity\n         from Ex-Im Bank\xe2\x80\x99s involvement with the transaction, and the possibility that the\n         transaction is not legitimate or involves fraud, corruption, or other suspect practices.\n\n\n                                                 1\n\x0c       However, short-term insurance program personnel do not always perform proper\n       CRTI due diligence. (Finding B)\n\n   \xe2\x80\xa2   Inconsistent Adherence to Procedures. Ex-Im Bank personnel inconsistently apply\n       procedures that ensure compliance with program requirements and proper credit\n       risk management. (Finding C)\n\n   \xe2\x80\xa2   Lack of Segregation of Duties. Ex-Im Bank does not segregate duties for\n       underwriting and authorizing new short-term insurance program policies, new\n       Special Buyer Credit Limits (SBCLs), enhanced assignments, or renewals of high-\n       dollar or high-risk policies. While commercial banks may not always segregate these\n       duties either, all Ex-Im Bank transactions are backed by the full faith and credit of the\n       U.S. Government, and Ex-Im Bank has a duty to properly safeguard taxpayer resources\n       under its stewardship. (Finding D)\n\n   \xe2\x80\xa2   Inaccurate Calculation of Exporter Score. Ex-Im Online (EOL) calculations of the\n       exporter score, which assists in determining the risk of an exporter for a multi-buyer\n       policy, are not always accurate. (Finding E)\n\nThe lack of comprehensive written policies and procedures may result in inconsistent\nperformance of duties, reduce the effectiveness of the program\xe2\x80\x99s controls, and reduce\nproductivity. In addition, lack of compliance with the program\xe2\x80\x99s policies and procedures,\nimproper segregation of duties, and reliance on inaccurate data may cause the program to\nassign the wrong level of risk to a transaction. As a result, insurance policies may be\nauthorized with risk levels higher than Ex-Im Bank would otherwise accept, increasing the\nrisk of financial loss to the Ex-Im Bank through claims or through issuance of insurance\npolicies based on erroneous and potentially fraudulent information, or Ex-Im Bank may\nassign a higher level of risk than appropriate and not offer the insured the best policy terms.\n\nTo address these issues, we recommended that the short-term insurance program:\n\n       Document and implement comprehensive policies and procedures for the short-term\n       insurance program. This includes implementing enhanced procedures for\n       applications that have elevated business risk or fraud risk. (Recommendations A1 and\n       A2)\n\n       Require that officials authorizing insurance policies verify that CRTI due diligence was\n       completely performed and properly documented prior to approving the policy.\n       (Recommendation B1)\n\n       Develop and implement a monitoring process for periodically reviewing a sample of\n       credit decisions and ensure that the due diligence performed complied with the\n       program\xe2\x80\x99s policies and procedures. (Recommendations B2, C2, and D3)\n\n       Develop and implement a due diligence procedure checklist that is completed by the\n       official authorizing the short-term insurance policy prior to approval.\n       (Recommendation C1)\n\n\n                                               2\n\x0c       Require a separation of duties between staff performing the underwriting process and\n       the official authorizing all new policies, new SBCLs over $5,000, all enhanced\n       assignments, all renewals over $1 million, and all high-risk policy renewals.\n       (Recommendations D1 and D2)\n\n       Implement controls to ensure that exporter score calculations used during\n       underwriting are reliable. (Recommendation E1)\n\nManagement\xe2\x80\x99s response to our recommendations is reprinted in Appendix III.\n\nII.    BACKGROUND\n\nEx-Im Bank is an independent executive agency and a wholly-owned U.S. government\ncorporation. Ex-Im Bank assumes credit and country risks that the private sector is unable or\nunwilling to accept. It also helps U.S. exporters remain competitive by countering export\nfinancing provided by foreign governments on behalf of foreign companies.\n\nEx-Im Bank provides working capital guarantees (pre-export financing), export-credit\ninsurance, and loan guarantees and direct loans (buyer financing). Ex-Im Bank offers export-\ncredit insurance to assist U.S. exporters in selling their goods overseas by protecting them\nagainst the risk of foreign-buyer or other foreign-debtor default for political or commercial\nreasons. This allows U.S. exporters to extend competitive credit terms to their international\ncustomers with reduced risk. Insurance policies may cover short- or medium-term sales,\ncommercial and political risks, and shipments to one or multiple buyers.\n\nEx-Im Bank\xe2\x80\x99s short-term insurance program policies insure open-account or letter-of-credit\nsales for a large variety of consumer goods, non-durables, spare parts, and bulk agriculture\nproducts produced in the U.S. Policies are available for terms up to 180 days for most\nproducts. Policies for bulk agricultural and capital and/or quasi-capital goods may be\navailable for up to 360 days. Between FYs 2007 and 2011, authorizations increased over 106\npercent, from $3.3 billion in FY 2007 to $6.8 billion in FY 2011. Ex-Im Bank authorized $6.8\nbillion in short-term insurance during FY 2010. It authorized an additional $6.8 billion in FY\n2011.\n\nTo be eligible for Ex-Im Bank\xe2\x80\x99s short-term insurance program, goods must have more than\n50 percent U.S. content and be shipped from the U.S. Services must be performed by U.S.-\nbased personnel. Defense articles and services, as well as military buyers, are prohibited,\nalthough some exceptions may apply.\n\nEx-Im Bank has two divisions that conduct the short-term insurance program: TCID and TFD.\nEach division has multiple products supporting program objectives, as shown in the\nfollowing table:\n\n\n\n\n                                              3\n\x0c                         TCID                                                TFD\n    Multi-Buyer (Exporters):                           Single Buyer (Exporters):\n    \xe2\x80\xa2 Standard Policy                                  \xe2\x80\xa2 Comprehensive Policy\n    \xe2\x80\xa2 Standard Political-Only Policy                   \xe2\x80\xa2 Political-Only Policy\n    \xe2\x80\xa2 Reasonable Spread of Risk Policy                 Single Buyer (Financial Institutions):\n    \xe2\x80\xa2 Small Business Policy                            \xe2\x80\xa2 Financial Institution Buyer Credit Export\n    \xe2\x80\xa2 Small Business Environmental Policy                Insurance \xe2\x80\x93 Buyer Credits\n    \xe2\x80\xa2 Small Business Express Policy                    \xe2\x80\xa2 Financial Institution Buyer Credit Export\n                                                         Insurance \xe2\x80\x93 Supplier Credits\n                                                       Multi-Buyer (Financial Institutions):\n                                                       \xe2\x80\xa2 Bank Letter-of-Credit Policies\n\nDepending on the product, policy terms are typically one year and may be renewable.\nCoverage is normally 90-95 percent, and premiums are determined based on various risk\nfactors. Claims may not be filed earlier than 90 days after a default date (60 days for Bank\nLetter-of-Credit policies). Similarly, claims may not be filed more than 8 months after a\ndefault date (120 days for Bank Letter-of-Credit policies and 150 days for Financial\nInstitution Buyer Credit policies).\n\nTCID\xe2\x80\x99s multi-buyer portfolio consists of a high volume of small transactions, while TFD\xe2\x80\x99s\nportfolio consists of lower-volume, higher-dollar transactions. In addition, the focus of the\ndue diligence performed during underwriting differs. TCID performs due diligence on the\ninsured\xe2\x80\x94the exporter\xe2\x80\x94and the insured\xe2\x80\x99s ability to manage export credit decisions,\nespecially because buyers are not usually known to Ex-Im Bank at the time of underwriting.\nTCID will, however, perform due diligence on a buyer if an SBCL is requested. TFD due\ndiligence is performed on the insured as well as the primary source of repayment, which is\ntypically the buyer.\n\nThe tables below show Ex-Im Bank\xe2\x80\x99s total short-term insurance program policy\nauthorizations and claims managed by TCID and TFD in FYs 2010 and 2011.1\n\n                                              Authorizations\n                                                 Fiscal Year 2010                  Fiscal Year 2011\nInsurance Program                            Quantity        Value            Quantity         Value\nTCID Multi-Buyer (Exporter)                    2,061     $1,805,809,201         2,340      $1,953,152,136\nTFD Single Buyer (Exporter)                      378        166,733,572           388         162,310,102\nTFD Single Buyer (Financial Institution)         180        541,549,000           200         733,198,000\nTFD Multi-Buyer (Financial Institution)           59      4,272,000,000             63      3,915,000,000\nTotals                                         2,678 $6,786,091,773             2,991     $6,763,660,238\n\n\n\n\n1Represents all claims filed in the current and previous fiscal years with decisions made in either FY 2010 or FY\n2011. Totals include approved, denied, and withdrawn claims.\n\n\n                                                        4\n\x0c                                               Claims\n                                              Fiscal Year 2010            Fiscal Year 2011\nInsurance Program                          Quantity        Value       Quantity       Value\nTCID Multi-Buyer (Exporter)                     178       $4,724,944        266     $12,542,781\nTFD Single Buyer (Exporter)                        4         352,409          4         481,005\nTFD Single Buyer (Financial Institution)         18       26,635,811         14      21,302,013\nTFD Multi-Buyer (Financial Institution)            0               0          0               0\nTotals                                          200     $31,713,164        284     $34,325,799\n\nDetails for each of the short-term insurance program\xe2\x80\x99s products are in Appendix II.\n\nIII.    OBJECTIVES\n\nThe audit objective was to evaluate whether Ex-Im Bank has effective policies and\nprocedures to manage credit risk and losses and identify and respond to fraud risk for its\nshort-term insurance program. Specifically, we determined if Ex-Im Bank had established\neffective policies and procedures related to short-term insurance credit-underwriting due\ndiligence and, if applicable, exported merchandise was shipped to the approved, designated\ncountry. The objective also included determining if Ex-Im Bank complied with its own short-\nterm insurance program policies and procedures and applicable laws, rules, and regulations.\n\nIV.     AUDIT RESULTS\n\nKey elements to ensure that Ex-Im Bank has effective policies and procedures in the short-\nterm insurance program to manage credit risk and losses, as well as fraud risk, include:\n\n        Identifying internal and external risks to the program, including those related to\n        fraud; analyzing the potential impact to the program; and identifying and\n        implementing control activities that mitigate the risks.\n        Documenting and communicating program policies and procedures to all relevant\n        personnel.\n\n        Ensuring that policies and procedures are carried out completely and consistently.\n\nOur audit found that although procedures exist, the procedures are not adequately\ndocumented or consistently followed; duties were not always segregated appropriately; and\nsystem calculations were not always accurate. We identified the following areas for\nimprovement.\n\nA. Inadequate Written Policies and Procedures\n\nAlthough the short-term insurance program generally employed effective procedures, we\nfound that the program had not adequately documented those procedures in its formal\npolicies and directives. Instead, the program relied heavily on the long tenure and\ninstitutional knowledge of its personnel; one-on-one knowledge transfer among personnel;\nand materials that are publically available, including marketing materials and instructions or\n\n                                                  5\n\x0cnotices to applicants, to communicate program policies and procedures. We found that\nexisting program documentation was not comprehensive or complete, and in some instances\nwas outdated.\n\nTFD does not have formal, written credit due diligence policies and procedures. Instead, it\nrelies on an informal desk-procedures document, Instructions for the Preparation of Credit\nMemoranda, which provides guidance on the proper format and content of underwriting\nsummary memoranda and serves as a guideline for the underwriting process. We noted that\nTCID is currently updating its policies and procedures; however, TCID had not updated its\nprimary policy and procedure document, the Exporter Underwriting Manual, since 1998. We\nalso found that Ex-Im Bank\xe2\x80\x99s Short Term Credit Standards, which is used internally by Ex-Im\nBank\xe2\x80\x99s personnel as well as by customers and brokers, does not include credit standards for\nEx-Im Bank\xe2\x80\x99s new Express Insurance product.\n\nIn addition, short-term insurance program documentation did not always clearly identify\nprogram risks, including fraud risks, and processes to address these risks. While Ex-Im Bank\nhas identified general risk factors, the short-term insurance program documentation\ngenerally did not identify the risks specific to individual policy types. For the risks that were\nidentified, the specific procedures or processes designed to address the risks were not\nalways documented.\n\nFinally, we observed that the level of due diligence performed was generally based on the\ndollar value of the transaction. While program personnel may perform additional due\ndiligence on some transactions that may have higher business or fraud risk, the program\ndoes not have clear guidance as to when enhanced due diligence may be necessary and the\namount of due diligence that may be appropriate. For example, if fraud risk factors are\nidentified, expanded due diligence may include requiring financial statements that are\nreviewed or audited by a licensed certified public accountant (CPA), verifying that the CPA is\nlicensed, and contacting the licensed CPA to confirm that they prepared the review or audit\nreport.\n\nComprehensive policy and procedure documentation should clearly state program\nobjectives, identify risks that impact the program\xe2\x80\x99s ability to meet its stated objectives, and\nidentify procedures that the program employs to obtain reasonable assurance that stated\nobjectives are met. The documentation should also provide personnel with a clear\nunderstanding of program objectives as well as management\xe2\x80\x99s policies and directives, and\nshould enable personnel to carry out their job function.\n\nU.S. Government Accountability Office\xe2\x80\x99s Standards for Internal Control in the Federal\nGovernment states:\n\n       Effective internal control helps in managing change to cope with shifting environments\n       and evolving demands and priorities. As programs change and as agencies strive to\n       improve operational processes and implement new technological developments,\n       management must continually assess and evaluate its internal control to assure that the\n       control activities being used are effective and updated when necessary\xe2\x80\xa6.\n\n                                                6\n\x0c       Management is responsible for developing the detailed policies, procedures, and\n       practices to fit their agency\xe2\x80\x99s operations and to ensure that they are built into and an\n       integral part of operations\xe2\x80\xa6.\n\n       Internal control and all transactions and other significant events need to be clearly\n       documented [\xe2\x80\xa6] The documentation should appear in management directives,\n       administrative policies, or operating manuals\xe2\x80\xa6.\n\nThe lack of comprehensive written policies and procedures that reflect current practices and\nprogrammatic risks may cause gaps in the program\xe2\x80\x99s internal controls, create inconsistency\nin the performance of duties, reduce the effectiveness of the program\xe2\x80\x99s control, reduce\nproductivity, and result in the loss of institutional knowledge. This increases the risk of\nfinancial loss to Ex-Im Bank through claims or through issuance of insurance policies based\non erroneous and potentially fraudulent information.\n\nWe recommended that TCID and TFD:\n\n   \xe2\x80\xa2   Document policies and procedures through the use of management directives,\n       administrative policies, and operating manuals, and review and update them regularly\n       (as needed or at least once every 3 years). Documentation should identify Ex-Im\n       Bank\xe2\x80\x99s risks, including fraud risks, and procedures to address these risks.\n       (Recommendation A1)\n\n   \xe2\x80\xa2   Implement enhanced due diligence procedures for insurance applications that may\n       have elevated business risks or fraud risks, and document these procedures in the\n       Short-Term Insurance Program\xe2\x80\x99s policy and procedure documentation.\n       (Recommendation A2)\n\nManagement\xe2\x80\x99s Response\n\nThe Vice Presidents of TCID and TFD stated that both divisions have drafted updated\nOperating Manuals as part of a Bank-wide effort to consolidate, document, and update\npolicies and procedures across all Bank programs. According to the Vice Presidents, these\npolicies and procedures will address enhanced due diligence procedures for applications that\nrepresent elevated business or fraud risks.\n\nTCID is completing final edits to its Manual update which will approach a total of 100 pages,\nencompassing risk management guidelines, credit decision making procedures, and\ninsurance coverage tailoring advice for all TCID transaction types (Quotation, Renewal &\nAmendment of Exporter Multibuyer Insurance policies; Approval, Renewal, Amendment of\n[foreign] Buyer Credit Limit transactions; Approval, Renewal of Enhanced Assignment\nAgreements which protect lenders against exporter performance risk). TCID\xe2\x80\x99s Manual will be\ndelivered on or before September 14, 2012 to both Cotton & Company and Ex-Im Bank\xe2\x80\x99s\nCredit Review Division.\n\n\n                                                7\n\x0cSpecifically with regards to fraud prevention and detection practices, TCID is also producing\na brief manual of procedures and monitoring practices to diligently monitor the portfolio of\napproximately 90 Enhanced Assignment Agreements. These practices are intended to help\nmanage this \xe2\x80\x9celevated risk\xe2\x80\x9d portfolio component and to identify, deter, or initiate\nintervention where exporter fraud may be suspected.\n\nTCID will have one Loan Specialist (without credit authority) assuming the Compliance\nOfficer role to semiannually review each Enhanced Assignment exporter\xe2\x80\x99s policy activity,\nreview policy management/performance, request sample transaction documentation from\neach exporter\xe2\x80\x99s respective lenders, and perform validation inquiries with shipping\ncompanies identified in the sample transaction documents to verify the exporter\xe2\x80\x99s\ntransactions were made. A semi-annual summary will be produced by the Compliance Officer\non each Enhanced Agreement exporter and circulated to TCID and TFD management.\n\nTCID is targeting September 14, 2012 for a vetting draft to be circulated to TFD, the Credit\nReview Division, and the Executive Working Group for internal consensus ahead of\nproducing the final draft that will govern implementation (October 2012).\n\nEvaluation of Management\xe2\x80\x99s Response\n\nManagement\xe2\x80\x99s proposed actions are responsive; therefore, the recommendations are\nresolved and will be closed upon completion and verification of the proposed actions.\n\nB. Inconsistent CRTI Due Diligence\n\nShort-term insurance program personnel are required to ensure that proper CRTI due\ndiligence is completed before approving new or renewed authorizations. The purpose is to\nidentify potential risks related to the trustworthiness of transaction participants, the\npossibility of negative publicity from Ex-Im Bank\xe2\x80\x99s involvement with the transaction, and the\npossibility that the transaction is not legitimate or involves fraud, corruption, or other\nsuspect practices. Specific controls include ensuring that TCID and TFD:\n\n       Obtain a signed Ex-Im Bank Certifications and Notices Statement from the applicant\n       confirming that all transaction participants comply with U.S. laws and regulations and\n       international trade agreements, and are not on U.S. or international debarment lists.\n\n       Submit the names of all relevant parties involved in each transaction to the Ex-Im\n       Bank Library. The Library searches 19 databases, which include federal and\n       international debarment and sanction lists, news items, and legal notices, for potential\n       matches of names and addresses. Any match identified must be cleared by Ex-Im\n       Bank\xe2\x80\x99s Credit Review and Compliance Division. This search is required for all new\n       policies, policy renewals, issuing bank credit limit (IBCL) requests, and SBCL requests.\n\n\n\n\n                                               8\n\x0cOur testing confirmed that Ex-Im Bank did not always perform complete CRTI due diligence.\nDuring our testing of 159 authorizations and 19 SBCL or IBCL decisions during FYs 2010 and\n2011, we noted the following:\n\n       For nine authorizations, the program was not able to provide evidence that the\n       applicant completed the Certification and Notices Statement.\n\n       For five authorizations, the program was not able to provide evidence that a CRTI\n       search was performed.\n\n       For one authorization, TFD requested that a CRTI search be performed on the buyer,\n       but not on the exporter.\n\n       For two authorizations, the CRTI search was not performed because of an error in\n       EOL transaction reporting. During early FY 2010, transactions selected for \xe2\x80\x9cAuto\n       Underwriting\xe2\x80\x9d were not included in the activity report, which TCID uses to compile\n       the list given to the Library to perform CRTI searches. This error was identified by\n       TCID and corrected during FY 2010. We noted this same condition for two SBCL\n       decisions tested during our additional claims testing.\n\nEx-Im Bank\xe2\x80\x99s Character, Reputational, and Transaction Integrity Due Diligence Internal\nPolicies and Procedures requires that applicants provide certifications and warranties that\ntransactions are legitimate and that participants are of suitable reputation and character;\nthat underwriters independently verify whether a known transaction participant (including\nlenders, exporters, and suppliers) appears on any of the Prohibited or Restricted Parties lists\nmaintained by Ex-Im Bank, the U.S. Government, certain foreign governments, and/or\nmultilateral organizations; and that all due diligence is maintained in the transaction file.\n\nWithout proper CRTI due diligence, short-term insurance policies may be authorized with risk\nlevels higher than Ex-Im Bank would otherwise accept. This increases the risk of financial loss to\nEx-Im Bank, either through claims or through issuance of insurance policies based on erroneous\nand potentially fraudulent information.\n\nWe recommended that TCID and TFD:\n\n   \xe2\x80\xa2   Develop and implement policies and procedures to ensure that individuals with\n       delegated authority verify that complete CRTI due diligence is performed and\n       documented before approving a policy, such as requiring an indicator on the credit\n       decision memo showing that CRTI due diligence was completed and properly\n       documented. (Recommendation B1)\n\n   \xe2\x80\xa2   Develop and implement a monitoring process for periodically reviewing a sample of\n       short-term insurance program authorizations to ensure that CRTI due diligence\n       complies with policies and procedures. (Recommendation B2)\n\n\n\n\n                                               9\n\x0cManagement\xe2\x80\x99s Response\n\nThe Vice Presidents of TCID and TFD stated that both divisions have established practices in\nplace for performing CRTI due diligence as part their respective transaction credit decision\nmaking processes. Further, they noted that (1) this due diligence is inherently the\nresponsibility of the individual exercising delegated credit authority, and (2) what may be\ninconsistent is how each individual with credit authority, or a subordinate credit officer\nproducing the credit memorandum for the individual having Individual Delegated Authority,\nis documenting the CRTI performance. Credit decision memorandum templates or online\nsystem Underwriting Summaries can be amplified for a necessary memo indicator\nconfirming performance of CRTI prior to formal transaction document production. In\naddition, the Vice Presidents expect that the Credit Review and Compliance Division will\ncontinue to perform regular reviews of transactions authorized under delegated authority\nthat would encompass monitoring of the documentation of the CRTI process being\ncompleted. The Vice Presidents noted that the \xe2\x80\x9chit rate\xe2\x80\x9d of matches determined through the\ncurrent CRTI search process is extremely low which suggests that incremental risk is limited\nin this area.\n\nEvaluation of Management\xe2\x80\x99s Response\n\nManagement\xe2\x80\x99s proposed actions, in conjunction with management\xe2\x80\x99s actions provided for in\nresponse to recommendations A1/A2, are responsive; therefore, the recommendations are\nresolved and will be closed upon completion and verification of the proposed actions.\n\nC. Inconsistent Adherence to Procedures\n\nWe tested a sample of 167 short-term insurance policies authorized by TCID and TFD, as well\nas 15 SBCLs and 4 IBCLs, to determine if Ex-Im Bank complied with existing due diligence\npolicies and procedures. We found:\n\n   \xe2\x80\xa2   One authorization tested did not meet Ex-Im Bank\xe2\x80\x99s U.S. content requirement.\n       During the underwriting process, the Relationship Manager (RM) reviews the short\n       term insurance application to ensure that the applicant has affirmed the U.S. content\n       of the goods being exported and that the product description on the application is\n       likely to have more than 50 percent U.S. content. However, TFD authorized a Financial\n       Institution Buyer Credit policy even though the application stated that the exported\n       goods did not meet the U.S. content requirement. While the supplier may not have\n       been known at the time of application and the insured would have received an\n       \xe2\x80\x9cExporter\xe2\x80\x99s Certificate\xe2\x80\x9d which would have provided evidence of the shipment\xe2\x80\x99s U.S.\n       content after shipment in the event of a claim, the RM manager should have\n       performed additional due diligence to determine if the exported goods would meet\n       the U.S. content requirement.\n\n   \xe2\x80\xa2   One authorization was issued at an amount higher than what was\n       recommended by both the underwriter and approver. The insured requested a\n       $2.1 million policy, which was entered into EOL. TFD determined that the requested\n\n                                             10\n\x0c       exposure was too high a repayment risk for Ex-Im Bank and recommended and\n       approved a lower policy limit of $1.0 million. Neither the underwriter nor approver\n       changed the original insurance policy amount in EOL, nor was the error detected prior\n       to the approval or the issuance of the authorization.\n\n   \xe2\x80\xa2   One SBCL with a credit limit of $200,000 was approved although the Short-Term\n       Credit Standards (STCS) were not met. Ex-Im Bank has established STCS as the\n       standardized basis for evaluating the creditworthiness of parties for each type of\n       short-term policy. Any standards not met should be mitigated by some additional\n       information that helps increase the likelihood of repayment. For a SBCL of $200,000,\n       STCS require a favorable credit agency report and one of the following: a trade\n       reference with similar amount and terms, the applicant\xe2\x80\x99s ledger experience with\n       similar amount and terms, or the buyer\xe2\x80\x99s signed financial statement for the two most\n       recent fiscal years. However, we observed that for one SBCL with a credit limit of\n       $200,000, the credit report that TCID obtained on the buyer was not favorable, and\n       TCID did not obtain a favorable trade reference, ledger history, or financial statements\n       as required. Furthermore, the missed STCS were not mitigated by the underwriter.\n\nDuring our review of the underwriting history of policies that had claims, we also found one\nSBCL authorization in which the buyer did not meet the STCS requirement for years of\nexperience. Per the underwriting summary, TCID mitigated the missed standard based on\nthe buyer\xe2\x80\x99s favorable credit report and financial condition. TCID was not able to provide the\ncredit report that supports these mitigating factors.\n\nContent Policy for Short-term Programs (Inst-12-010) states that to be eligible for Ex-Im Bank\nsupport, \xe2\x80\x9cEach Product must have more than 50% U.S. content based on labor, material, and\ndirect overhead, exclusive of any profit.\xe2\x80\x9d\n\nOffice of Management and Budget Circular A-123, Management Accountability and Control,\nstates that management should develop controls that reasonably ensure that \xe2\x80\x9creliable and\ntimely information is obtained, maintained, reported and used for decision making.\xe2\x80\x9d\n\nEx-Im Bank Short Term Credit Standards (EIB 99-09) states that:\n\n       \xe2\x80\xa6the criteria Ex-Im Bank will apply in evaluating the creditworthiness of the primary\n       source of repayment or, in the case of the multi-buyer product, the ability of the exporter\n       to manage and evaluate credit in a reasonable and prudent manner...\n\n       Ex-Im Bank will consider approval of an application that does not entirely meet the\n       standards if mitigating credit factors exist.\n\nBy not adhering to underwriting policy and procedures, Ex-Im Bank authorized a policy that\ndid not comply with its mission to assist in financing the export of U.S. goods and services. In\naddition, Ex-Im Bank authorized a policy and an SBCL with risk levels higher than what Ex-\nIm Bank would otherwise accept and that did not conform to Ex-Im Bank\xe2\x80\x99s standards.\n\n\n                                               11\n\x0cWe recommended that TCID and TFD:\n\n   \xe2\x80\xa2   Develop and implement a due-diligence procedure checklist that is completed by\n       individuals with delegated authority to approve authorizations, SBCLs, and IBCLs.\n       (Recommendation C1)\n\n   \xe2\x80\xa2   Develop and implement a monitoring process for periodically reviewing a sample of\n       authorizations to ensure that the decision complied with Ex-Im Bank\xe2\x80\x99s policies and\n       procedures. (Recommendation C2)\n\nManagement\xe2\x80\x99s Response\n\nThe Vice Presidents of TCID and TFD stated that they do not believe that a checklist that\nsimply indicates whether basic action has been taken, without the result of that action,\nenhances a decision-makers ability to establish that sufficient action has been taken.\nFurthermore, they stated that decision-memorandum templates were developed in an effort\nto guide loan officers to address essential items of analysis in a manner that allows the\ndecision-maker to assess whether or not the due diligence performed was sufficient.\n\nThe Vice Presidents stated that Ex-Im Bank\xe2\x80\x99s Short Term Credit Standards serve a dual\npurpose of offering customers transparency and a means to assure consistency on how their\ncredit transactions are being evaluated. The Standards also offer credit officers, with or\nwithout Individual Delegated Authority, a framework for their credit analysis. However, each\ntransaction may have unique material adverse issues or require comprehensive justification\nto mitigate a missed credit standard. The Vice Presidents noted that the Bank\xe2\x80\x99s Credit Review\nand Compliance Division annually audits random sample TCID and TFD transactions with the\nobjective of assessing the quality of the credit decision making justifications and adherence\nto prescribed due diligence practices.\n\nEvaluation of Management\xe2\x80\x99s Response\n\nOur recommendation to develop and implement a due-diligence procedures checklist is\nintended to ensure individuals with delegated authority to approve authorizations consider\nall variables when making determinations. We agree that such a checklist by itself will not\nenhance a decision-maker\xe2\x80\x99s ability to establish that sufficient action has been taken;\nhowever, it will provide a tool for ensuring that decision-makers have taken all factors into\nconsideration prior to making a determination.\n\nAdditionally, management should establish review procedures to monitor decisions for\ncompliance with policies and procedures.\n\nManagement\xe2\x80\x99s comments are considered unresponsive; therefore, the recommendations are\nunresolved and will be referred to the Ex-Im Bank Audit Follow-Up official.\n\n\n\n\n                                              12\n\x0cD. Lack of Segregation of Duties\n\nThe TCID multi-buyer portfolio consists of a high volume of small transactions. During FYs\n2010 and 2011, TCID authorized over 4,300 policies, as depicted in the following table:\n\n                                 FY 2010                      FY 2011\n                         Count         Total          Count         Total\n       New Policies        472      $385,646,600        523      $331,459,290\n       Policy Renewals   1,569    $1,366,562,601      1,814    $1,621,201,539\n       Total             2,041    $1,752,209,201      2,337    $1,952,660,829\n\nWe noted that the same individual performed both underwriting and approvals of 62 of the\n98 TCID authorizations included in our testing. This is allowed under Ex-Im Bank\xe2\x80\x99s Board of\nDirectors\xe2\x80\x99 Individual Delegated Authority Board Resolution dated July 26, 2010, and\nauthorized individuals approved all policies. TCID could, however, strengthen its controls\nover authorizations by segregating underwriting and approving functions. This segregation\nof duties exists in TFD.\n\nTCID has historically employed this risk-based approach, which identifies and measures risk\nbased on the dollar value of the transaction and delegates authority based on the knowledge,\nskills, and qualifications of personnel, because of the high volume of TCID transactions. While\nsimilar practices may occur in the commercial market, Ex-Im Bank has a duty to the taxpayer\nto safeguard its resources, as all Ex-Im Bank transactions are backed by the full faith and\ncredit of the U.S. Government.\n\nU.S. Government Accountability Office\xe2\x80\x99s Standards for Internal Control in the Federal\nGovernment states:\n\n       Key duties and responsibilities need to be divided or segregated among different people\n       to reduce the risk of error or fraud. This should include separating the responsibilities\n       for authorizing transactions, processing and recording them, reviewing the transactions,\n       and handling any related assets. No one individual should control all key aspects of a\n       transaction or event.\n\nBecause the same individual within TCID frequently performs underwriting, approval, and\nauthorization, policies may be authorized with risk levels higher than Ex-Im Bank would\notherwise accept. This increases the risk of financial loss to Ex-Im Bank, either through\nclaims or through issuance of insurance policies based on erroneous and potentially\nfraudulent information.\n\nWe recommended that TCID:\n\n   \xe2\x80\xa2   Require separate individuals to perform the underwriting and approving functions for\n       all new multi-buyer policies, all new SBCLs over $5,000, and all enhanced\n       assignments. (Recommendation D1)\n\n                                              13\n\x0c   \xe2\x80\xa2   Require separate individuals to perform the underwriting and approving functions for\n       all policy renewals with a limit over $1 million or with an enhanced assignment or if\n       the transaction has elevated business or fraud risks. (Recommendation D2)\n\n   \xe2\x80\xa2   Develop and implement periodic reviews of authorizations underwritten and\n       approved by the same individual to ensure that decisions complied with Ex-Im Bank\xe2\x80\x99s\n       due diligence policies and procedures. (Recommendation D3)\n\nManagement\xe2\x80\x99s Response\n\nThe Vice President of TCID stated that the division processes well over 16,000 transactions\nannually, many of which are small (less than $300,000) foreign buyer credit limits. Cycle\ntimes and customer service goals are tight, hence it is impractical to segregate underwriting\nand authorizing duties on each TCID transaction. The Vice President proposed that\nsegregation of duties apply on only the most elevated risk transactions, represented by all\nEnhanced Assignment Agreement transactions, $1,000,000 or larger multibuyer policies with\nloss ratios exceeding 100 percent, and buyer foreign credit transactions where footnotes 4, 5,\n11, and 13 apply or the per buyer exposure exceeds $1,000,000. The Vice President noted\nthat the online system currently is programmed to require segregated duties for both policy\nand buyer credit limit decision making based on progressively higher amounts and some of\nthe noted footnotes.\n\nFurther, the Vice President proposed that, in addition to the Credit Review and Compliance\nDivision\xe2\x80\x99s annual audit of sample TCID transaction underwriting, TCID management conduct\nits own internal, annual audit of transaction samples of each officer with Individual\nDelegated Authority. The summary findings would be shared with the Credit Review and\nCompliance Division.\n\nRegarding segregation of duties within TFD, management noted that TFD intends to shortly\ngrant Individual Delegated Authority to loan officers who would then both underwrite and\nauthorize certain short-term transactions. TFD intends to limit the amount and risk profile of\ntransactions that could be processed under this authority. Each transaction would continue\nto require prior supervisor screening for directing the loan officer towards decision making\naction under their own authority.\n\nEvaluation of Management\xe2\x80\x99s Response\n\nKey duties and responsibilities must be divided or segregated among different individuals to\nreduce the risk of error or fraud. This should include separating the responsibilities for\nauthorizing, processing and recording, and reviewing transactions, as well as for handling\nany related assets. No one individual should control all key aspects of a transaction or event.\n\nManagement\xe2\x80\x99s proposed actions are considered unresponsive; therefore, recommendations\nD1 and D2 are unresolved and will be referred to the Ex-Im Bank Audit Follow-Up official.\n\n\n\n                                              14\n\x0cWith respect to our recommendation D3 for developing and implementing periodic reviews\nof authorizations underwritten and approved by the same individual, TCID proposed that\nmanagement conduct annual internal audits of transaction samples for each officer with\nIndividual Delegated Authority. These audits, when accomplished, should satisfy the\nrecommendation. The recommendation is resolved and will be closed upon completion and\nverification of the proposed actions.\n\nE. Inaccurate Calculation of Exporter Score\n\nTCID relies on the exporter score to quantify potential exporter risk during the credit\nunderwriting process for short-term multi-buyer policies. The score is a composite of\nten components and is calculated by EOL from data in the application or from information\nentered by the RM. During our testing, we observed that EOL did not always properly\ncalculate the exporter score. Specifically, we noted that during renewal underwriting, 2 of the\n10 components were not always updated. This error resulted in an exporter score that was\nless favorable for the exporter than it would have been had the score been calculated\ncorrectly. TCID did not detect this error.\n\nOffice of Management and Budget Circular A-123, Management Accountability and Control,\nstates that management should develop controls that reasonably ensure that \xe2\x80\x9creliable and\ntimely information is obtained, maintained, reported and used for decision making.\xe2\x80\x9d\n\nTCID relies upon exporter scores that may be inaccurately calculated during renewal, which\nmay result in a score that is lower than it would be had it been calculated correctly. As a\nresult, the short-term insurance program may determine that an exporter or transaction is a\nhigher risk to Ex-Im Bank than it actually is, thus providing the exporter with less favorable\nterms for the insurance policy than is appropriate.\n\nWe recommended that TCID work with Information Technology Systems Engineering to\nimplement controls to ensure that EOL\xe2\x80\x99s exporter score calculations used during\nunderwriting are accurate. (Recommendation E)\n\nManagement\xe2\x80\x99s Response\n\nThe Vice President of TCID noted that the \xe2\x80\x9cExporter Score\xe2\x80\x9d is calculated and used only in the\nunderwriting of an exporter short term multibuyer policy. The score is intended to\ndifferentiate multibuyer policy exporters based on the quality of their foreign receivable\nportfolio and how well they manage foreign credit. The score is then used towards\nconsideration of granting nominal delegated credit authority (Discretionary Credit Limit) to\nthe exporter for making smaller foreign buyer credit decisions, effectively reducing a large\nadministrative burden on TCID staff (approximately 15,000 buyer approvals annually). The\nscore also contributes towards TCID loan officer\xe2\x80\x99s underwriting Special Buyer Credit Limits\nwhich are required for transactions exceeding the exporters delegated credit authority or if\nthe Country Limitation Schedule restricts use of that authority.\n\n\n\n                                              15\n\x0c   The Vice President stated that TCID is requesting modifications within EOL to assure\n   accurate calculation is made on quotations, renewal, and amendment of multibuyer policies.\n   The requirements have been presented to the IMT Division and programmer/developers will\n   build in the modifications for user acceptance testing by the end of 2012. The tested\n   functionality should be operable by January 2013. In the meantime, instruction has been\n   disseminated to TCID staff to manually validate accurate Exporter Scores at each policy\n   renewal.\n\n   Evaluation of Management\xe2\x80\x99s Response\n\n   Management\xe2\x80\x99s proposed actions are responsive; therefore, the recommendations are\n   resolved and will be closed upon completion and verification of the proposed actions.\n\n   V.         SCOPE AND METHODOLOGY\n\n   The Office of Inspector General engaged Cotton & Company to conduct this audit. We\n   conducted this performance audit in accordance with generally accepted government\n   auditing standards. Those standards require that we plan and perform the audit to obtain\n   sufficient, appropriate evidence to provide a reasonable basis for our findings and\n   conclusions based on our audit objectives. We believe that the evidence obtained provides a\n   reasonable basis for our findings and conclusions based on our audit objectives.\n\n   We conducted our fieldwork from March 14 \xe2\x80\x93 June 21, 2012. To accomplish our objectives,\n   we assessed Ex-Im Bank\xe2\x80\x99s policies and procedures over its short-term insurance program.\n   Our methodology required that we interview key Ex-Im Bank staff from TCID and TFD to\n   obtain an understanding of Ex-Im Bank\xe2\x80\x99s short-term insurance program and to obtain\n   relevant information and documentation applicable to the program. We also obtained\n   documentation from Ex-Im Bank\xe2\x80\x99s external financial statement auditors to assist us in our\n   understanding of the program.\n\n   We also selected samples from policies authorized, SBCL and IBCLs approved, and claims\n   paid in FYs 2010 and 2011. Sample sizes by policy types are shown below.\n\n\n\n                                             Authorizations Sampled\n                                      New                    Renewals               Amendments                  Totals\nPolicy Type                   Count    Amount        Count      Amount           Count   Amount         Count      Amount\nMulti-Buyer                     65     $61,400,000     33          $91,100,000      2      $6,500,000    100      $159,000,000\nSingle Buyer                    22      88,810,426                                  3       2,944,858     25        91,755,284\nFinancial Institution Buyer     24     187,514,000                                  3      11,295,000     27       198,809,000\nBank Letter of Credit           10     185,000,000      5           51,000,000      0              0      15       236,000,000\nSample Total                   121    $522,724,426     38       $142,100,000        8     $20,739,858    167      $685,564,284\nPopulation Total              2,114 $2,446,541,118 3,495 $10,989,764,140           60    $113,446,752 5,669     $13,549,752,011\nPercent of Population           6%           21%       1%                  1%     13%            18%      3%                5%\n\n\n                                                              16\n\x0c                                    SBCLs and IBCLs Sampled\n                                                                     SBCL\\IBCLs\n                    Policy Type                              Count          Amount\n                    Multi-Buyer                                15           $6,200,000\n                    Bank Letter of Credit                       4           17,704,829\n                    Sample Total                               19          $23,904,829\n\n\n                                            Claims Sampled\n\n                    Product                                  Count       Amount Paid\n                    Multi-Buyer                                  44          $3,474,480\n                    Single Buyer                                   1            224,761\n                    Financial Institution Buyer Credit             2          1,294,871\n                    Bank Letter of Credit                          0                  0\n                    Sample Total                                 47          $4,994,112\n                    Population Total                             484        $66,038,963\n                    Percent of Population Tested                10%                 8%\n\n\nFor each of the sampled policies, we tested Ex-Im Bank\xe2\x80\x99s compliance with existing policies\nand procedures and evaluated them for adequacy. For claims, we evaluated compliance with\npolicies and procedures and evaluated the sufficiency of Ex-Im Bank claim reviews. We also\nreviewed the underwriting history for 31 of the claims tested, as shown below.\n\n                                Underwriting Review of Claims\n\n                                                                       Claims\n\n                        Product                              Count      Amount Paid\n                        Multi-Buyer                             28        $2,234,172\n                        Single Buyer                             1           224,761\n                        Financial Institution Buyer Credit       2         1,294,871\n                        Bank Letter of Credit                    0                 0\n                        Sample Total                            31        $3,753,804\n\n\n\n\n                                                     17\n\x0cAPPENDIX I\nACRONYMS\n\x0c                           ACRONYMS\n\nCPA          Certified Public Accountant\nCRTI         Character, Reputation, and Transaction Integrity\nEOL          Ex-Im Online\nEx-Im Bank   Export-Import Bank of the United States\nFY           Fiscal Year\nIBCL         Issuing Bank Credit Limit\nRM           Relationship Manager\nSBCL         Special Buyer Credit Limit\nSTCS         Short-Term Credit Standards\nTCID         Trade Credit Insurance Division\nTFD          Trade Finance Division\nU.S.         United States\n\x0c              APPENDIX II\nSHORT-TERM INSURANCE PROGRAM PRODUCTS\n\x0c                                               SHORT-TERM INSURANCE PROGRAM PRODUCTS\n\nPolicy Name                 Multi-Buyer                       Single Buyer               Financial Institution Buyer            Bank Letter of Credit\nPolicy Holder                 Exporter                          Exporter                     Financial Institution               Financial Institution\nInsures            An exporter\xe2\x80\x99s sales to multiple   An exporter\xe2\x80\x99s sales to a single   A financial institution\xe2\x80\x99s short-   The U.S. financial institution\xe2\x80\x99s\n                   foreign buyers against the risk   foreign buyer against the risk    term direct buyer credit loan      irrevocable letters of credit\n                   of non-payment.                   of non-payment.                   or reimbursement loan made         issued by foreign financial\n                                                                                       to a foreign buyer financing       institution that finance U.S.\n                                                                                       U.S. exports.                      exports.\nRisk covered                                                              Commercial and Political\nExports Covered                                              Exports must contain more than 50% U.S. content.\n                                            Exporters of military and defense-related goods and materials are usually excluded.\nRate of Coverage   100% for sovereign buyers         100% for sovereign buyers         100% for sovereign obligors or     100% for sovereign financial\n                   95% for private buyers            90% for private buyers            guarantors                         institutions\n                   98% for approved agricultural     98% for approved agricultural     90% for private obligors or        95% for private financial\n                   commodities                       commodities                       guarantors                         institutions\n                                                                                       98% for approved agricultural      98% for approved agricultural\n                                                                                       commodities                        commodities\nStandard Terms                                           Policies are authorized for one year and may be renewed.\n                                        Transaction repayment terms must be no more than 180 days for most goods and services,\n                                                      with the exception of 360 days for some qualifying transactions\nPremiums           Composite rate is calculated      Varies depending on country,      Varies depending on country,       Uses a risk-based pricing\n                   based on spread of risk, buyer    type of buyer, and length of      type of buyer, and length of       system that reflects major risk\n                   type, and length of credit        credit term. Minimum              credit term. Requires an           elements of each transaction.\n                   terms extended. Requires an       premiums are required.            advance deposit of $2,000.         Requires an advance deposit\n                   advance deposit of $500.                                                                               of $2,000.\n\x0c    APPENDIX III\nMANAGEMENT RESPONSE\n\x0c                             EXPORT-IMPORT BANK\n                            of the UNITED STATES\nMEMORANDUM\n\nSeptember 18, 2012\n\nTO:            Alice Albright, Chief Operating Officer\n\nCC:            John McAdams, Senior Vice President, Export Finance\n               Charles Tansey, Senior Vice President, Small Business\n\nFROM:          Walter Kosciow, Vice President, Trade Credit Insurance\n               Jeffrey Abramson, Vice President, Trade Finance\n\nSUBJECT:       Management Response to OIG Draft Audit (conducted by Cotton and\n               Company) on Short-term Insurance Programs-OIG-AR-12-05\n\n\n\nThe follow is the management response to the Office of the Inspector General\'s draft\naudit report of August 15.\n\nRecommendations AlIA2: Document comprehensive short term insurance\npolicies/procedures (AI) and implement enhanced due diligence procedures (A2)\nBoth the Trade Finance Division (TFD) and Trade Credit Insurance Division (TCID)\nhave drafted updated Operating Manuals as part of a Bank-wide effort to consolidate,\ndocument and update policies and procedures across all bank programs. These policies\nand procedures will address enhanced due diligence procedures for applications that\nrepresent elevated business or fraud risks.\n\nTCID is completing final edits to its Manual update which will approach a total of 100\npages, encompassing risk management guidelines, credit decision making procedures,\nand insurance coverage tailoring advice for all TCID transaction types (Quotation,\nRenewal & Amendment of Exporter Multibuyer Insurance policies; Approval, Renewal,\nAmendment of (foreign) Buyer Credit Limit transactions; Approval, Renewal of\nEnhanced Assignment Agreements which protect lenders against exporter performance\nrisk. TCID\' s Manual will be delivered on or before September 14, 2012 to both the\nCotton Co. and Ex-1m Bank\'s Credit Review Division (CRD).\n\nSpecifically with regards to fraud prevention and detection practices, TCID is also\nproducing a brief manual of procedures and monitoring practices to diligently monitor the\nportfolio of approximately 90 Enhanced Assignment Agreements (EA). These practices\nare intended to help manage this "elevated risk" portfolio component and to identify,\ndeter, or initiate intervention where exporter fraud may be suspected.\n\n\n\n\n               811 Vermont Avenue, N.W. Washington, D.C.                   20571\n\x0cTCID will have one Loan Specialist (without credit authority) assuming the Compliance\nOfficer role to semiannually review each EA exporter\'s policy activity, policy\nmanagement/performance, request sample transaction documentation from each\nexporter\'s respective lenders, and perform validation inquiries with shipping companies\nidentified in the sample transaction documents to verify the exporter\'s transactions were\nmade. A semi-annual summary will be produced by the Compliance Officer on each EA\nexporter and circulated to TCID and TFD management.\nWe are targeting September 14, 2012 for a vetting draft to be circulated to TFD, CRD,\nEWG for internal consensus ahead of producing the final draft that will govern\nimplementation (October 2012).\n\nRecommendations BIIB2: Perform, Document and Monitor CRTI Due Diligence\nTCID and TFD have established practices in place for performing CRTI due diligence as\npart their respective transaction credit decision making processes. This due diligence is\ninherently the responsibility ofthe individual exercising delegated credit authority (IDA).\nWhat may be inconsistent is how each individual with credit authority,or a\'subordinate\ncredit officer producing the credit memorandum for the individual having IDA, is\ndocumenting the CRTI performance. Credit decision memorandum templates or online\nsystem Underwriting Summaries can be amplified for a necessary memo indicator\nconfirming performance of CRTI prior to formal transaction document production. In\naddition, we expect that the Credit Review and Compliance Division will continue to\nperform regular reviews of transactions authorized under delegated authority that would\nencompass monitoring of the documentation of the CRTI process being completed. We\nnote that the "hit rate" of matches determined through the current CRTI search process is\nextremely low which suggests that incremental risk is limited in this area.\n\nRecommendations Cl/C2: Develop a due-diligence procedures checklist and\nmonitor compliance with policies and procedures for transactions authorized via\nIndividual Delegated Authority\nWe do not believe that a checklist that simply indicates whether basic action has been\ntaken, without the result of that action, enhances a decision-makers ability to establish\nthat sufficient action has been taken. The decision-memorandum templates were\ndeveloped in an effort to guide loan officers to address essential items of analysis in a\nmanner that allows the decision-maker to assess whether or not the due diligence\nperformed was sufficient.\n\nEx-Im Bank\'s Short Term Credit Standards serve a dual purpose of offering customers\ntransparency and a means to assure consistency on how their credit transaCtions are being\nevaluated. The Standards also offer credit officers, with or without IDA, a framework for\ntheir credit analysis. However, each transaction may have unique material adverse issues\nor require comprehensive justification to mitigate a missed credit standard. The Bank\'s\nCredit Review and Compliance Division annually audits random sample TCID and TFD\ntransactions with the obj ective of assessing the quality of the credit decision making\n\x0cjustifications and adherence to prescribed due diligence practices. (Please also refer to\nresponse to Recommendations D1-D3 on "Segregation of Duties" as it relates to TCID)\n\nRecommendations DI-D3: Lack of Segregation of Underwriting Duties\nTCID processes well over 16,000 transactions annually, many of which are small (less\nthan $300,000) foreign buyer credit limits. Cycle times and customer service goals are\ntight, hence it is impractical,to segregate underwriting and authorizing duties on each\nTCID transaction. We propose that segregation of duties apply on only the most elevated\nrisk transactions, represented by all Enhanced Assignment Agreement transactions,\n$1,000,000 or larger Multibuyer policies with loss ratios exceeding 100%, and buyer\nforeign credit transactions where footnotes 4,5, 11, and 13 apply or the per buyer\nexposure exceeds $1,000,000. The online system currently is programmed to require\nsegregated duties for both policy and buyer credit limit decision making based on\nprogressively higher amounts and some ofthe noted footnotes.\n\nTCID proposes that in addition to the Credit Review and Compliance Division\'s (CRCD)\nannual audit of sample TCID transaction underwriting, that TCID management conduct\nits own internal, annual audit of transaction samples of each officer with IDA. The\nsummary findings would be shared with the CRCD.\n\nTFD intends to shortly grant delegated authority (IDA) to loan officers who would then\nboth underwrite and authorize certain short-term transactions. TFD intends to limit the\namount and risk profile of transactions that could be processed under this authority. Each\ntransaction would continue to require prior supervisor screening for directing the loan\nofficer towards decision making action under their own authority.\n\nRecommendation E: Implement Controls to Assure Accurate Calculation of\nExporter Scores\nNote: The "Exporter Score" is calculated and used only in the underwriting of an\nexporter short term multibuyer policy. The score is intended to differentiate multibuyer\npolicy exporters based on the quality of their foreign receivable portfolio and how well\nthey manage foreign credit. The score is then used towards consideration of granting\nnominal delegated credit authority (Discretionary Credit Limit) to the exporter for\nmaking smaller foreign buyer credit decisions, effectively reducing a large administrative\nburden on TCID staff(approximately 15,000 buyer approvals annually). The score also\ncontributes towards TCID loan officer\'s underwriting Special Buyer Credit Limits which\nare required for transactions exceeding the exporters delegated credit authority or if the\nCountry Limitation Schedule restricts use of that authority.\n\nTCID has concluded requesting modifications within Ex-1m Online to assure accurate\ncalculation is made on quotations, renewal and amendment of multibuyer policies. The\nrequirements have been presented to our IMT Division and programmer/developers will\nbuild-in the modifications for user acceptance testing by the end of this calendar year.\n\x0cThe tested functionality should be operable by January 2013. In the meantime.,\ninstruction has been disseminated to TCID staff to manually validate accurate Exporter\nScores at each policy renewal\n\x0cOffice of Inspector General\nExport-Import Bank of the United States\n811 Vermont Avenue, NW\nWashington, DC 20571\n202-565-3908\nwww.exim.gov/oig\n\x0c'